Skip to content

Commit

Permalink
Don't trap when outbound http request is not allowed
Browse files Browse the repository at this point in the history
Signed-off-by: Ryan Levick <ryan.levick@fermyon.com>
  • Loading branch information
rylev committed Aug 20, 2024
1 parent 152409c commit e9a5248
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 10 deletions.
13 changes: 5 additions & 8 deletions crates/factor-outbound-http/src/wasi.rs
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,7 @@ async fn send_request_impl(
let is_relative_url = request.uri().authority().is_none();
if is_relative_url {
if !allowed_hosts.allows_relative_url(&["http", "https"]) {
return handle_not_allowed(request.uri(), true);
return Ok(handle_not_allowed(request.uri(), true));
}

let origin = request
Expand All @@ -131,7 +131,7 @@ async fn send_request_impl(
let outbound_url = OutboundUrl::parse(request.uri().to_string(), "https")
.map_err(|_| ErrorCode::HttpRequestUriInvalid)?;
if !allowed_hosts.allows(&outbound_url) {
return handle_not_allowed(request.uri(), false);
return Ok(handle_not_allowed(request.uri(), false));
}
}

Expand All @@ -147,11 +147,8 @@ async fn send_request_impl(
}

// TODO(factors): Move to some callback on spin-factor-outbound-networking (?)
fn handle_not_allowed(
uri: &Uri,
is_relative: bool,
) -> anyhow::Result<Result<IncomingResponse, ErrorCode>> {
tracing::error!("Destination not allowed: {uri}");
fn handle_not_allowed(uri: &Uri, is_relative: bool) -> Result<IncomingResponse, ErrorCode> {
tracing::error!("Destination not allowed!: {uri}");
let allowed_host_example = if is_relative {
terminal::warn!("A component tried to make a HTTP request to the same component but it does not have permission.");
"http://self".to_string()
Expand All @@ -165,7 +162,7 @@ fn handle_not_allowed(
host
};
eprintln!("To allow requests, add 'allowed_outbound_hosts = [\"{allowed_host_example}\"]' to the manifest component section.");
Err(ErrorCode::HttpRequestDenied.into())
Err(ErrorCode::HttpRequestDenied)
}

/// This is a fork of wasmtime_wasi_http::default_send_request_handler function
Expand Down
4 changes: 2 additions & 2 deletions crates/factor-outbound-http/tests/factor_test.rs
Original file line number Diff line number Diff line change
Expand Up @@ -65,9 +65,9 @@ async fn disallowed_host_fails() -> anyhow::Result<()> {
let req = Request::get("https://denied.test").body(Default::default())?;
let mut future_resp = wasi_http.send_request(req, test_request_config())?;
future_resp.ready().await;
match future_resp.unwrap_ready() {
match future_resp.unwrap_ready().unwrap() {
Ok(_) => bail!("expected Err, got Ok"),
Err(err) => assert!(matches!(err.downcast()?, ErrorCode::HttpRequestDenied)),
Err(err) => assert!(matches!(err, ErrorCode::HttpRequestDenied)),
};
Ok(())
}
Expand Down

0 comments on commit e9a5248

Please sign in to comment.